Skip to main content

Articles & Blogs

HxGN EAM Validated as Compatible with NERC CIP Requirements

Published Date

As the power industry digitizes its operation, more companies are grappling with spiraling data needs. Historically, power companies have used on premise solutions for their data needs, but the explosive growth in the amount — and cost — of data has power companies looking to migrate to the cloud.

But cost and efficiency are not the only considerations for power companies. Regulatory compliance is a significant factor that outweighs almost all other considerations — particularly for data subject to NERC's Critical Infrastructure Protection standards. Many power companies see NERC CIP as one of the major barriers toward migrating applications to the cloud.

Recently, the Federal Energy Regulatory Commission hosted a number of speakers who stressed that cloud solutions could provide increased cost savings, improved reliability and stronger security benefits for power companies. However, NERC CIP requirements can complicate cloud adoption with power companies uncertain about ensuring compliance with cloud solutions.

In fact, some power companies argued that "current NERC standards 'do not provide clear guidance' on how regulated entities can implement new technologies that may not have been envisioned by the current CIP rules," according to a report by Utility Dive. Other industry stakeholders expressed concern that a lack of cloud technologies made the grid less secure and even held back decarbonization goals.

How Hexagon Helps Bridge the Gap

With that uncertainty around deploying cloud solutions, while ensuring CIP compliance, Hexagon has taken steps to address how our cloud solutions can provide significant benefits to power companies in a way that is consistent with NERC CIP requirements.

Hexagon has engaged NAES, the power generation industry's largest independent services provider, to evaluate HxGN EAM, a best-in-class enterprise asset management soltuion that can help digitize and optimize maintenance operations to reach new levels of efficiency.

NAES found that HxGN EAM met the needs and requirements of power companies with NERC CIP compliance requirements. NAES' suitability assessment found that Hexagon "is dedicated to upholding these standards by offering its customers the HxGN EAM asset management software."

This detailed — and independent — review of HxGN EAM's controls and the requirements of NERC CIP standards, NAES found that:

This solution optimizes asset lifecycles while prioritizing data security through encryption, role-based access control, and audit trails. Hexagon's commitment to transparency ensures that they work closely with customers to meet their unique security and reliability needs within the framework of NER CIP standards, ultimately enhancing productivity and compliance.

How We Did It

HxGN EAM is trusted by the most complex, mission-critical organizations across the globe. Building robust controls and security protocols is an essential part of ensuring HxGN EAM's success. A few ways EAM works to provide security for customers:

  • Data Security: Hexagon's HxGN EAM prioritizes data security through encryption, role-based access control and audit trails. These security measures help protect sensitive data from unauthorized access or breaches.
  • Access Controls: Hexagon employs stringent logical access controls to protest the receipt, storage and internal transfer of client data, all within authorized system boundaries.
  • Compliance Audits: Hexagon undergoes SOC 2 and ISO 27001 audits to demonstrate its security controls and practices align with NERC CIP standards, providing evidence of its commitment to compliance.
  • Physical Security: Hexagon relies on AWS to maintain physical security controls, including restricting access to data centers, backup media and other system components such as firewalls, routers and servers.
  • Incident Response and Reporting: HxGN EAM has documented security incident handling and response procedures to respond promptly and efficiently to security incidents, which is a requirement under NERC CIP standards.
  • Encryption: Hexagon has employed best practices regarding the use of encryption at rest and in transit to ensure that BCSI remains safeguarded and accessed only by authorized personnel. Customers cannot bring their own encryption keys into the environment.
  • Business Continuity: Hexagon dedicates substantial efforts to ensure service availability, achieving a minimum monthly uptime of at least 99.5%.

While cloud services can be concerning to power customers, Hexagon continues to learn and adapt secure ways to help ensure NERC CIP compliance is met. As power companies adopt the newer technology in cloud computing Hexagon works directly in standardizing compliance methods on a case-by-case basis for each customer.

Looking Beyond Power

The suitability of NERC CIP requirements is just the latest step in HxGN EAM's ability to adapt to bring advanced asset management solutions to highly regulated industries. EAM is currently being used by food and beverage customers subject to Food and Drug Administration regulations.

HxGN EAM's ability to adapt to user requirements in different industries is an important piece of how the solution allows organizations to evolve their asset performance management.